#+TITLE: Concerns with Linux - Kevin "The Nuclear" Bloom's Personal Website
#+OPTIONS: toc:nil num:nil tex:t title:nil

* Concerns with Linux

#+BEGIN_PREVIEW
A few months ago I was poking around on a Debian system just for fun and wanted
to install [[https://gnu.org/s/emacs][GNU Emacs]]. On the core install [[https://www.gtk.org/][GTK]] isn't installed by default, so I
fired up =apt= to pull down the program and it's /insane/ amount of
dependencies. When I saw the number of dependencies, I was shocked! I've built
Emacs like a hundred times now and never needed all that. I was curious and
began to look through the depends to see what's up. To my surprise, I found tons
and tons of /unneeded/ programs and libraries, especially [[https://webkitgtk.org/][webkitGTK]], which I
have /never/ needed for Emacs.[fn:1] Especially because Emacs is an editor not a web
browser. "Interesting," I said, "there could be hundreds of programs installed
and no one would ever know..." This thought made me take a deep look at the
current state of GNU/Linux and here's what I've found.
#+END_PREVIEW


While looking into my concerns on what I'm calling /dependency hell/, I ran into
an interesting article entitled
[[https://unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd.html][Why You Should Migrate Everything from Linux to BSD]].[fn:2] While I'm not totally
advocating that, it brought up some very interesting points and valid concerns
with [[https://en.wikipedia.org/wiki/GNU_General_Public_License][GPL]]'d software. From my own findings in tandem with the information from
the article, I have come up with 4 concerns that I have with GNU/Linux:
malicious influence, dependency hell, proprietary influence, and lack of care.


** Malicious Influence
If you read the article mentioned above, you'll see how [[https://systemd.io/][systemd]], Firefox, Linux
(I don't think he explicitly mentioned Microsoft's influence in that article)
have been influenced by companies in a potentially malicious way. I won't repeat
what he wrote about but I will say that this should be a rather large concern
for us. With core programs like systemd and Linux being hijacked can we really
say if a GNU/Linux system (running systemd) is safe? Probably not. At this
point, I wouldn't recommend anyone run a distro that using systemd. This knocks
out many distros including but not limited to: Debian, Arch, and anything based
on those 2 (besides Devuan).


"But that's just one program, why does it matter?" Yes, it is one program,
however, on the mentioned distros above, it is very difficult to run them
without using systemd. Also, systemd has become a program of programs. It
encompasses nearly every aspect of your system. It can even integrate with some
programs such as Emacs.[fn:3] In theory, systemd could be used as a gateway to
nearly every part of your system. If that isn't concerning, I don't know what
is! Check out [[https://unixsheikh.com/articles/systemd-isnt-safe-to-run-anywhere.html][this]] article too!


** Dependency Hell
I have always complained about dependencies. I've been annoyed with them since
like 2010! This is on of the many reasons I started using Dragora. It doesn't
suffer from the same dependency struggles that you get when you have a
dependency tree such as in =apt=, =pacman=, or =portage=. Why is this a concern
for me? Well, the biggest issue that I see is that there is a potential for
something unknown being put on your system. For example, say you never want to
see webkitGTK again due to some security bug or something. Then you go to
download Emacs and just like that you got webkitGTK back. A normal person
wouldn't think Emacs would depend on something like that since it's an editor,
not a web browser. This is not only annoying but potentially dangerous if that
security bug hadn't been fixed in webkitGTK yet (only if you found yourself
using it by accident).


Another reason I dislike massive amounts of dependencies is that it complicates
your system. You already are running a very complicated computer with a
complicated OS with a complicated kernel etc, etc. Why add another complication
to the party? Have hundreds and hundreds (potentially thousands) of dependencies
is just a great way to break your system. You install an update, something
breaks. Totally normal on a Arch system! Well, what broke? I don't know, go
check the 100 packages that got updated in the last update. Good luck. That
situation is truly stupid, in my opinion. The fewer dependencies the better, the
simpler the system the better! There are only a few distros nowadays that don't
suffer from this issue (that I know of): Dragora, Slackware, [potentially] Void,
[potentially] Guix System (although this has other complicating factors), and
CRUX.


** Proprietary Influence
Why doesn't it seem to bother anyone except for free/libre-tards, such as
myself, that there are so many damn proprietary modules in Linux? Also, why the
hell does no one care that Linux is starting to be more like the Windows kernel
with it's ~28 million lines of code and hundreds, potentially thousands, of
proprietary drivers/modules? Heck, at this rate Linux /will/ be the new
Windows!! Well, I believe that part of the reason for this odd behavior is that
Microsoft (MS) is "hijacking" Linux (the kernel). I don't have any real proof of this
except that MS going from hating Linux to loving them and now they're donating
tons of money to The Linux Foundation... Yeah, seems sketchy to me! If I was
getting millions of dollars to do something, I'd probably listen to the guy
giving it to me.


At the rate this is going, I wouldn't be surprised if we would start to see
potentially malicious code being put into Linux and it becoming difficult or
impossible to turn off. This would be a major concern to projects like
[[https://www.fsfla.org/ikiwiki/selibre/linux-libre/][Linux-libre]] whom just take the code and run it through a de-blobbing program. If
something like that were to happen, I doubt that the folks at Linux-libre would
have the manpower to fork Linux and keep it going. It would be interesting to
see what would happen that's for sure.


** Lack of Care
As mentioned in the previous section, no one seems to care about what's going on
here! There are some folks in the "Free Software-side" of the GNU/Linux
community that do but the majority don't. I believe that this may be the worst
factor of them all. If the community just lets all this stuff happen *it will
happen* and it won't get better. Unless we actively refuse these concerning
items, they'll just keep going. Sadly, I don't think that the community will do
this. I believe that in due time we will see Linux push malicious changes and
other programs following suit (such as systemd).


--------------------------------------------------------------------------------

So, what are we to do? Well, let's lay out the options: [[https://www.gnu.org/software/hurd/][GNU Hurd]], *BSD, keep
using linux-libre until the dark times and then decide, nothing. The most ideal
situations would be to get Hurd working well or remove Linux and use a BSD
kernel. The two best would be [[https://www.openbsd.org/][OpenBSD]][fn:4] or [[https://NetBSD.org/][NetBSD]], as they don't load
proprietary modules by default. You could do as the article says and migrate
over to a BSD.[fn:5] They don't really have the same issues due to their
specialized communities (more to come on this topic. The most practical as of
now is to just use Linux-libre and see what happens. I, personally, think
migrating to BSD is the best for advanced users but normal folks should probably
stay were they are for now (if not on linux-libre, migrate to that).


All-and-all, I'm not sure what's going to happen here in the GNU/Linux world. I
hope for the best but plan for the worst. We will see what happens!



* Footnotes

[fn:1] I later found out that webkitGTK can be used with xwidgets, something
that I have never ever wanted to do. I understand that the Debian package
maintainers what to include everything possible in their standard Emacs package
but this fact doesn't change my mind about my concerns with dependency hell.

[fn:2] Check out his [[https://unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd-part-2.html][sequel]] too.

[fn:3] I fundamentally disagree with the Emacs team's decision to do this.

[fn:4] [[https://www.hyperbola.info/][Hyperbola GNU/Linux]] is currently doing this with OpenBSD's kernel. See [[https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/][here]].

[fn:5] This is something I am planning on doing. Article to come!
